Virus and Spyware Removal Guides, uninstall instructions

What is Maql ransomware?

Maql is a type of malware that encrypts files, appends the ".maql" extension to the filename of each encrypted file, and creates the "_readme.txt" file (a ransom note). It renames a file named "1.jpg" to "1.jpg.maql", "2.jpg" to "2.jpg.maql", and so on. Maql is part of the Djvu ransomware family.

What is the ngecauuksehi[.]xyz site?

Ngecauuksehi[.]xyz is a rogue website sharing common traits with current-captcha.top, fugles.net, get-positive.net, captchamodern.top and many others. It is designed to load dubious material and/or redirect visitors to different (likely untrustworthy or malicious) pages.

Most users unintentionally enter sites of this kind via redirects caused webpages, intrusive adverts, or PUAs (Potentially Unwanted Applications) already infiltrated into their devices.

What is current-captcha[.]top?

Current-captcha[.]top is a rogue website designed to load questionable content, push its browser notifications, and/or redirect visitors to various (likely unreliable or malicious) pages. There are thousands of such webpages on the Internet; clevercaptcha.top, positivestar.org, and news-hoyisa.cc are but a few examples.

Rogue sites are rarely accessed intentionally; most users get redirected to them by untrustworthy webpages, intrusive ads, or installed PUAs (Potentially Unwanted Applications).

What is clevercaptcha[.]top?

Similar to fugles.net, news-lipaze.cc, premium-shops-around.me, and thousands of others, clevercaptcha[.]top is a rogue site. It operates by presenting visitors with dubious material and/or redirecting them to various (likely unreliable or malicious) websites.

Most users enter such pages via redirects caused by untrustworthy sites, intrusive ads, or installed PUAs (Potentially Unwanted Applications).

What is Squirrelwaffle?

Squirrelwaffle is a piece of malicious software designed to cause chain infections, i.e., download/install additional malware. At the time of research, Squirrelwaffle was used to infect systems with Cobalt Strike malicious program. The latter is infamous for being used to inject devices with ransomware.

What is ModeService?

ModeService is an adware-type app with browser hijacker qualities. Due to most users inadvertently downloading/installing ModeService, it is also classified as a PUA (Potentially Unwanted Applications).

What kind of website is cowboy2u4me[.]me?

Cowboy2u4me[.]me is one of the many websites designed to load untrustworthy content, ask for permission to show notifications, and open shady web pages. It is similar to jollycrowds[.]com, news-lipaze[.]cc, positivestar[.]org, and other sites. Users end up on these pages unintentionally.

What kind of page is jollycrowds[.]com?

Jollycrowds[.]com can redirect visitors to various untrustworthy pages. Also, it asks for permission to show notifications. This page gets opened through clicked shady advertisements, other dubious pages, or installed potentially unwanted applications (PUAs) - users do not open jollycrowds[.]com on purpose.

What is Cybelium ransomware?

Cybelium is a piece of malicious software classified as ransomware. It is designed to encrypt data (render files unusable) and demand ransoms for the decryption.

Affected files are appended with a ".cybel" extension. For example, a file initially titled "1.jpg" would appear as "1.jpg.cybel", "2.jpg" as "2.jpg.cybel", etc. Once this process is complete, a ransom note - "RECOVER ENCRYPTED FILES.TXT" - is dropped onto the desktop.

What is GlobeImposter (.xls) ransomware?

GlobeImposter (.xls) encrypts files and appends the ".xls" extension to each encrypted file's filename. For example, a file named "1.jpg" is renamed to "1.jpg.xls", "2.jpg" to "2.jpg.xls", and so on. GlobeImposter (.xls) creates the "read-me.txt" file to provide instructions on how to contact the attackers for data recovery.